Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-3470

SCEP operations may fail when using an HSM

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.0.4
    • Fix Version/s: EJBCA 6.1.0
    • Component/s: None
    • Labels:
      None
    • Issue discovered during:
      Customer

      Description

      Decryption of the CMS-like messages of SCEP uses the crypto provider of the crypto token holding the private key of the recipient (the CA). Using old BC APIs also the symmetric decryption uses the same provider, which may fail depending on HSM, P11 etc. We should use BC provider for the symmetric decryption (the symmetric key is unwrapped using asymmetric operations on the HSM.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                tomas Tomas Gustavsson
                Reporter:
                tomas Tomas Gustavsson
                Verified by:
                Johan Eklund
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: